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WHAT IS CLAIMED IS: 

1 1 . A method for revocation of a signature certificate in a Public Key 

2 Infrastructure (PKI) comprising: 

3 creating an authenticated secure channel with a registration web server; 

4 requesting the registration web server revoke a user signature certificate, the 

5 requesting occurring over the authenticated secure channel; 

6 revoking the user signature certificate; 

7 notifying a directory by the registration web server of revocation of the user 

8 Cj signature certificate; and 

9 setting a user entry in the directory to a state without a signature certificate. 

1 L 2. The method according to claim 1, further comprising generating a directory 

2 C3 password for the user during creation of the user signature certificate. 

1 3. The method according to claim 2, wherein the creating and requesting are 

2 initiated by the user. 

1 4. The method according to claim 3. wherein the security of the user signature 

2 certificate has been potentially compromised. 
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1 5. The method according to claim 3, further comprising sending the user one of 

2 a password and a personal identification number (PIN) by the registration web server 

3 after the setting of the user entry. 



1 6. The method according to claim 5, further comprising requesting a new 

2 signature certificate by the user using the directory password and one of the password 

3 and the PIN. 

u 

ty 

1 7. The method according to claim 3, further comprising using the user signature 

2 certificate to authenticate the user before the creating. 

1 M 8. The method according to claim 1, further comprising notifying a personal 

2 ^ registration authority by a user that the user has lost the user signature certificate, the 

i _J 

3 p notifying occurring before the creating. 

1 9. The method according to claim 8, wherein the creating and requesting are 

2 initiated by the personal registration authority. 

1 10. The method according to claim 9, further comprising requesting a personal 

2 registration authority's signature certificate to authenticate the personal registration 

3 authority before the creating. 
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1 1 . The method according to claim 10, wherein the personal registration 
authority is a supervisor of the user. 



12. The method according to claim 10, further comprising querying the directory 
after the requesting the registration web server revoke the user signature certificate to 
determine if the personal registration authority is permitted to revoke the user signature 
certificate. 

13. The method according to claim 12, further comprising revoking the user 
signature certificate by the registration web server only if the personal registration 
authority is permitted to revoke the user signature certificate. 

14. The method according to claim 13, further comprising generating a directory 
password for the user during creation of the user signature certificate. 

15. The method according to claim 14, further comprising sending the user one 
of a password and a personal identification number (PIN) by the registration web server 
after the setting of the user entry. 

16. The method according to claim 15, further comprising requesting a new 
signature certificate by the user using the directory password and one of the password 
and the PIN. 
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1 17. The method according to claim 1. wherein the revoking is performed by the 

2 registration web server. 

1 18. An article comprising a storage medium having instructions stored therein, 

2 the instructions when executed causing a processing device to perform: 

3 creating an authenticated secure channel with an entity; 

4 W receiving a request from the entity to revoke a user signature certificate; 

5 .2 revoking the user signature certificate; and 

6 5 notifying a directory of revocation of the user signature certificate. 
CO 

5 

1 r 19. The article according to claim 18, further comprising verifying the entity is 

2 permitted to revoke the user signature certificate. 

r : 

1 20. The article according to claim 19, further comprising revoking the user 

2 signature certificate only if the entity is permitted to revoke the user signature certificate. 

1 21 . The article according to claim 18, wherein the entity is the user. 

1 22. The article according to claim 18, wherein the entity is a personal revocation 

2 authority. 
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• 1 23. A system for revocation of a signature certificate in a Public Key 

2 Infrastructure (PKI) comprising: 

3 at least one server operably connected to a network; 

4 a directory operably connected to the network, the directory containing 

5 information on at least one user; 

6 at least one client platform operably connected to the network, the at least one 

7 user having access to the at least one server from the at least one client platform; and 

8 ^3 a registration web server operably connected to the network, the registration web 

9 f'i server receiving a request for revocation of a user signature certificate from an entity, 

10 =c the registration web server revoking the user signature certificate only if the entity is 

1 1 CO permitted to revoke the user signature certificate, the registration web server notifying 

12 [" the directory of revocation of the user signature certificate if revoked. 

1 u 24. The system according to claim 23, wherein the information on at least one 

2 user includes a user entry related to the user signature certificate, the directory setting 

3 the user entry in the directory to a state without a signature certificate if the user 

4 signature certificate is revoked. 

1 25. The system according to claim 23, further comprising an authenticated 

2 secure channel between the entity and the registration web server, the requesting 

3 occurring over the authenticated secure channel. 



-25- 



^ ^TRW Docket No. 1 5-0230 

26. The system according to claim 23. wherein the entity comprises one at least 
one user. 

27. The system according to claim 23, wherein the entity comprises a personal 
registration authority. 

28. The system according to claim 27, wherein the personal registration 
authority is a supervisor of the at least one user. 
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